Author: seanius
Date: 2007-02-18 18:09:26 +0100 (Sun, 18 Feb 2007)
New Revision: 5472

Modified:
   data/CVE/list
Log:
another chunk of comments/updates on progress with php CVE's 2007-0906 through 2007-0911

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2007-02-18 17:03:14 UTC (rev 5471)
+++ data/CVE/list 2007-02-18 17:09:26 UTC (rev 5472)
@@ -180,16 +180,30 @@ NOTE: meantime, so we don''t forget about it. CVE-2007-0910 (Unspecified vulnerability PHP before 5.2.1 allows attackers to ...) - php5 <unfixed> (bug #410561; medium) + NOTE: fix is believed to be isolated, needs verification and backporting: + NOTE: see CVE-2007-0910_clobbering-superglobals.diff in + NOTE: http://people.debian.org/~seanius/security/php CVE-2007-0909 (Multiple format string vulnerabilities in PHP before 5.2.1 might allow ...) - php5 <unfixed> (bug #410561; medium) + NOTE: half of fix (odbc part) is found, still trying to dig out the + NOTE: problems related to *print functions. + NOTE: see CVE-2007-0910_clobbering-superglobals.diff in + NOTE: http://people.debian.org/~seanius/security/php + NOTE: other half is possibly CHECKME-printfstuff-maybecve.diff and + NOTE: CHECKME-formattedprint-maybecve.diff and + NOTE: CHECKME-main.c-precision-maybecve.diff in the same place. CVE-2007-0908 (The wddx extension in PHP before 5.2.1 allows remote attackers to ...) NOT-FOR-US: PHP NOTE: this extension is not enabled in the php packages CVE-2007-0907 (Buffer underflow in PHP before 5.2.1 allows attackers to cause a ...) - php5 <unfixed> (bug #410561; medium) + NOTE: fix found, needs testing/backporting. see: + NOTE: CVE-2007-0907_sapi_header_op.diff in + NOTE: http://people.debian.org/~seanius/security/php CVE-2007-0906 (Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause ...) - NOTE: still separating the wheat from the chaff for the "unspecified" - NOTE: vulnerabilities. the list of changes to be sorted through are + NOTE: all fixes are believed to be found, though there''s still some + NOTE: unrelated changes in some of the patches that need to be removed. + NOTE: the list of changes to be sorted through are NOTE: available as CVE-2007-0906_N_description.diff at NOTE: http://people.debian.org/~seanius/security/php/ NOTE: (4) is a non-issue, as we don''t use the bundled sqlite 
@@ -198,8 +212,8 @@ - php5 <unfixed> (bug #410561; medium) NOTE: we normally don''t spend much time on safe_mode and open_basedir NOTE: issues, but the because the attack vectors are "unspecified", it - NOTE: would be harder for us to try and sort out the fixes for this - NOTE: from the fixes in CVE-2007-0906 (see there for more info) + NOTE: might be harder for us to try and sort out the fixes for this + NOTE: from the session fixes in CVE-2007-0906 (see there for more info) CVE-2007-0904 (SQL injection vulnerability in projects.php in LightRO CMS 1.0 allows ...) NOT-FOR-US: LightRO CMS CVE-2007-0903 (Unspecified vulnerability in the mod_roster_odbc module in ejabberd ...)
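Review bot: In the first hunk (@@ -180,16 +180,30 @@), the notes added under CVE-2007-0909 point at "CVE-2007-0910_clobbering-superglobals.diff", which is the same file the CVE-2007-0910 entry just above cites for the superglobals fix. For the format string entry this looks like a copy-paste of the 0910 note, so a reader following it to find the odbc half of the fix lands on the wrong patch. Please replace that reference with the diff that actually carries the odbc part, or drop the two "see ..." lines until it is identified. The three CHECKME-*-maybecve.diff files are listed as only "possibly" the other half, so it would also help to say what still has to be checked before they can be attributed to this CVE, since the entry stays at <unfixed>.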
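Review bot: In the second hunk (@@ -198,8 +212,8 @@), the new wording "from the session fixes in CVE-2007-0906" does not say which of the numbered CVE-2007-0906_N_description.diff pieces are the session ones, and the 0906 entry as shown only singles out (4). Naming the N values here would let someone separate the safe_mode/open_basedir fixes without rereading every 0906 patch. Since these lines are being touched anyway, the unchanged context line directly above still reads "issues, but the because the attack vectors" and could be corrected in the same commit.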